
CN112702321B - Distributed transaction current limiting method, device, equipment and storage medium - Google Patents


Info

Publication number
CN112702321B
CN112702321B (application CN202011482247.3A)
Authority
CN
China
Prior art keywords
transaction
current limiting
preset
behavior
flow
Prior art date
Legal status
Active
Application number
CN202011482247.3A
Other languages
Chinese (zh)
Other versions
CN112702321A (en)
Inventor
刘芳明
王邵林
秦欣
夏志强
Current Assignee
Shenzhen Kuaifu Tong Payment Co.,Ltd.
Original Assignee
Shenzhen Kftpay Finance Network Technology Service Co ltd
Priority date
Filing date
Publication date
Events
Application filed by Shenzhen Kftpay Finance Network Technology Service Co ltd
Priority to CN202011482247.3A
Publication of CN112702321A
Application granted
Publication of CN112702321B
Legal status: Active
Anticipated expiration


Classifications

    • H04L 63/1458 Denial of Service (under H04L 63/1441 Countermeasures against malicious traffic; H04L 63/14 Network security: detecting or protecting against malicious traffic; H04L 63/00 Network architectures or network communication protocols for network security; H04L Transmission of digital information; H04 Electric communication technique; H Electricity)
    • G06Q 20/382 Payment protocols insuring higher security of transaction (under G06Q 20/38 Payment protocols; G06Q 20/00 Payment architectures, schemes or protocols; G06Q ICT specially adapted for administrative, commercial, financial, managerial or supervisory purposes; G06 Computing or calculating; counting; G Physics)
    • G06Q 20/401 Transaction verification (under G06Q 20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials, review and approval of payers; G06Q 20/38 Payment protocols; G06Q 20/00 Payment architectures, schemes or protocols; G06Q; G06; G Physics)
    • H04L 63/1425 Traffic logging, e.g. anomaly detection (under H04L 63/1408 Detecting or protecting against malicious traffic by monitoring network traffic; H04L 63/14; H04L 63/00; H04L; H04; H Electricity)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of computer security and discloses a distributed transaction rate limiting method, device, equipment and storage medium. The method comprises: obtaining a user's transaction behavior statistical parameters from a transaction request packet; judging whether those statistical parameters conform to preset transaction behavior parameters and, when they do not, generating a defense request and sending it to a defense request server so that the server determines a rate-limiting node from the defense request and a preset rate-limiting decision; and receiving the rate-limiting node fed back by the defense request server and controlling the user's transaction traffic according to it. In the invention, rate limiting is used to control the user's transaction traffic on the financial platform, ensuring that the platform's limited network resources are not consumed by attack traffic and keeping traffic within the carrying capacity of those limited resources; the distributed transaction rate limiting method can effectively resist DDoS attacks.

Description

Distributed transaction rate limiting method, device, equipment and storage medium

Technical field

The invention relates to the technical field of computer security, and in particular to a distributed transaction rate limiting method, device, equipment and storage medium.

Background

With the rapid development of modern financial platforms, users' requirements for the network service capability of these platforms keep rising. Because network bandwidth, network facilities and other factors are limited, the efficiency of a financial platform's network service can be improved by a distributed network: a typical distributed network lets users access platform content from a nearby node, which greatly improves transaction efficiency.

However, a denial of service (DoS) attack is a form of attack that prevents legitimate users from obtaining a normal service response; the attacker generally uses a large number of illegitimate attack packets to occupy excessive service resources. A distributed denial of service (DDoS) attack is more powerful still: the attacker uses a large number of compromised hosts to mount a larger-scale denial of service attack. Because ready-made attack tools circulate freely on the Internet, launching such an attack has become easier and easier, and the network worms that have spread in recent years have also driven the development of DDoS attacks. At present, DDoS attacks have become the most threatening and destructive form of attack in financial platform transaction networks, exposing financial platforms to great transaction risk.

The above content is provided only to assist understanding of the technical solution of the present invention and is not an admission that it is prior art.

Summary of the invention

The main purpose of the present invention is to provide a distributed transaction rate limiting method, device, equipment and storage medium, aiming to solve the technical problem that existing distributed denial of service attacks expose financial platform transaction networks to great transaction risk.

To achieve the above object, the present invention provides a distributed transaction rate limiting method comprising the following steps:

when a user's transaction request packet is received, obtaining the user's transaction behavior statistical parameters from the transaction request packet;

judging whether the transaction behavior statistical parameters conform to preset transaction behavior parameters;

when the transaction behavior statistical parameters do not conform to the preset transaction behavior parameters, generating a defense request and sending it to a defense request server, so that the defense request server determines a rate-limiting node from the defense request and a preset rate-limiting decision;

receiving the rate-limiting node fed back by the defense request server, and controlling the user's transaction traffic according to the rate-limiting node.

Optionally, the step of judging whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters includes:

obtaining a predicted normal behavior traffic value from the preset transaction behavior parameters, and obtaining a current transaction behavior traffic value from the transaction behavior statistical parameters;

comparing the predicted normal behavior traffic value with the current transaction behavior traffic value to obtain a transaction traffic innovation sequence;

analyzing the transaction traffic innovation sequence, and judging from the analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters.

Optionally, the step of analyzing the transaction traffic innovation sequence and judging from the analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters includes:

determining corresponding statistical features from the transaction traffic innovation sequence;

analyzing the statistical features with a preset multivariate sequential analysis algorithm to obtain a sample statistic;

performing correlation analysis on the sample statistic with a preset correlation test algorithm to obtain a correlation analysis result;

judging from the correlation analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters.

Optionally, the step of obtaining the user's transaction behavior statistical parameters from the transaction request packet includes:

obtaining the packet header and timing information from the transaction request packet;

obtaining feature information of the packet header and the timing information, and generating a current transaction behavior traffic value from the feature information;

generating the user's transaction behavior statistical parameters from the current transaction behavior traffic value.

Optionally, before the step of judging whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters, the method further includes:

building a normal transaction traffic model;

obtaining a predicted normal behavior traffic value from the normal transaction traffic model with a preset time series analysis algorithm;

generating the preset transaction behavior parameters from the predicted normal behavior traffic value.

Optionally, the step of generating a defense request and sending it to the defense request server, so that the defense request server determines a rate-limiting node from the defense request and a preset rate-limiting decision, includes:

generating a defense request and sending it to the defense request server, so that the defense request server builds a traffic tree from the defense request and a preset attack source tracing strategy, determines a target attack subtree from the traffic tree, and determines the rate-limiting node from the target attack subtree according to the preset rate-limiting decision.

Optionally, the step of receiving the rate-limiting node fed back by the defense request server and controlling the user's transaction traffic according to the rate-limiting node includes:

receiving the rate-limiting node fed back by the defense request server, and determining the leaf node information corresponding to the rate-limiting node;

determining the rate-limit quota of the rate-limiting node from the leaf node information, and determining a preset packet-drop probability from the preset rate-limiting decision;

controlling the user's transaction traffic according to the rate-limit quota and the preset packet-drop probability.

In addition, to achieve the above object, the present invention also proposes a distributed transaction rate limiting device comprising:

an acquisition module, configured to obtain the user's transaction behavior statistical parameters from the transaction request packet when a user's transaction request packet is received;

a judging module, configured to judge whether the transaction behavior statistical parameters conform to preset transaction behavior parameters;

a decision module, configured to generate a defense request and send it to a defense request server when the transaction behavior statistical parameters do not conform to the preset transaction behavior parameters, so that the defense request server determines a rate-limiting node from the defense request and a preset rate-limiting decision;

a control module, configured to receive the rate-limiting node fed back by the defense request server and control the user's transaction traffic according to the rate-limiting node.

In addition, to achieve the above object, the present invention also proposes distributed transaction rate limiting equipment comprising a memory, a processor, and a distributed transaction rate limiting program stored in the memory and runnable on the processor, the program being configured to implement the steps of the distributed transaction rate limiting method described above.

In addition, to achieve the above object, the present invention also proposes a storage medium storing a distributed transaction rate limiting program which, when executed by a processor, implements the steps of the distributed transaction rate limiting method described above.

The present invention, when a user's transaction request packet is received, obtains the user's transaction behavior statistical parameters from the transaction request packet; judges whether the transaction behavior statistical parameters conform to preset transaction behavior parameters; when they do not, generates a defense request and sends it to a defense request server, so that the defense request server determines a rate-limiting node from the defense request and a preset rate-limiting decision; and receives the rate-limiting node fed back by the defense request server and controls the user's transaction traffic according to it. In the present invention, rate limiting is used to control the user's transaction traffic on the financial platform, ensuring that the platform's limited network resources are not exhausted by attack traffic and keeping traffic within the carrying capacity of those limited resources. The distributed transaction rate limiting method described above can effectively resist DDoS attacks and solves the technical problem that existing distributed denial of service attacks expose financial platform transaction networks to great transaction risk.

Brief description of the drawings

Fig. 1 is a schematic structural diagram of the distributed transaction rate limiting equipment in the hardware operating environment involved in the embodiments of the present invention;

Fig. 2 is a schematic flowchart of the first embodiment of the distributed transaction rate limiting method of the present invention;

Fig. 3 is a schematic flowchart of the second embodiment of the distributed transaction rate limiting method of the present invention;

Fig. 4 is a schematic flowchart of the third embodiment of the distributed transaction rate limiting method of the present invention;

Fig. 5 is a structural block diagram of the first embodiment of the distributed transaction rate limiting device of the present invention.

The realization of the object, functional features and advantages of the present invention will be further described with reference to the embodiments and the accompanying drawings.

Detailed description

It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it.

Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the distributed transaction rate limiting equipment in the hardware operating environment involved in the embodiments of the present invention.

As shown in Fig. 1, the distributed transaction rate limiting equipment may include a processor 1001, for example a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 provides the connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and optionally a standard wired or wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a wireless fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (RAM) or a stable non-volatile memory (NVM) such as disk storage; optionally, the memory 1005 may also be a storage device independent of the processor 1001.

Those skilled in the art will understand that the structure shown in Fig. 1 does not limit the distributed transaction rate limiting equipment, which may include more or fewer components than shown, combine certain components, or arrange the components differently.

As shown in Fig. 1, the memory 1005, as a storage medium, may contain an operating system, a network communication module, a user interface module and a distributed transaction rate limiting program.

In the distributed transaction rate limiting equipment shown in Fig. 1, the network interface 1004 is mainly used for data communication with a network server, and the user interface 1003 is mainly used for data interaction with the user. The processor 1001 and the memory 1005 of the equipment are arranged in the distributed transaction rate limiting equipment, which calls the distributed transaction rate limiting program stored in the memory 1005 through the processor 1001 and executes the distributed transaction rate limiting method provided by the embodiments of the present invention.

An embodiment of the present invention provides a distributed transaction rate limiting method. Referring to Fig. 2, Fig. 2 is a schematic flowchart of the first embodiment of the distributed transaction rate limiting method of the present invention.

In this embodiment, the distributed transaction rate limiting method includes the following steps:

Step S10: when a user's transaction request packet is received, obtain the user's transaction behavior statistical parameters from the transaction request packet.

It should be noted that the executing subject of this embodiment is the distributed transaction rate limiting equipment, which may be an electronic device such as a personal computer or a server; this embodiment does not limit it. Obtaining the user's transaction behavior statistical parameters from the transaction request packet can be implemented in several ways; two of them are described below as examples, and at least two ways may of course be combined. Other ways may also be adopted as the actual situation requires, and this embodiment does not limit this. The user's transaction request may be an operation such as the registration, trading, transfer or change of ownership of a financial asset on the financial platform; this embodiment does not limit the specific transaction operation.

Specifically, one way of obtaining the user's transaction behavior statistical parameters from the transaction request packet is: obtain the packet header and timing information from the transaction request packet; obtain feature information of the packet header and the timing information, and generate a current transaction behavior traffic value from the feature information; generate the user's transaction behavior statistical parameters from the current transaction behavior traffic value. Here, the transaction request packets of the current system network are captured, feature data are collected on their behavioral characteristics, and the packet header and timing information are obtained; the focus is on how specific parameters of the transaction request packets change over time, and the time series of those parameters is extracted to obtain the timing information. In addition, changes in the time-series features of several parameters can be used together for detection and analysis, so that more kinds of traffic anomaly can be detected over a wider range.

Specifically, another way of obtaining the user's transaction behavior statistical parameters from the transaction request packet is: capture the transaction request packets of the current system network, collect feature data on their behavioral characteristics, extract network behavior statistical parameters by analyzing the collected feature data, and use those network behavior statistical parameters as the user's transaction behavior statistical parameters.

Step S20: judge whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters.

It should be understood that before distributed rate limiting is applied to the user's transaction requests, the preset transaction behavior parameters must be set. This can be done in several ways; one of them is described below as an example, and other ways may of course be adopted as the actual situation requires, which this embodiment does not limit. Specifically, one way of setting the preset transaction behavior parameters is: build a normal transaction traffic model; obtain a predicted normal behavior traffic value from the normal transaction traffic model with a preset time series analysis algorithm; generate the preset transaction behavior parameters from the predicted normal behavior traffic value.

It is easy to understand that a typical distributed network lets users access financial platform content from a nearby node, greatly improving transaction efficiency. However, a distributed network spans many links of the financial platform's communication network, so an attack affects the communication network on many links at once: the network anomaly is spread over many links, and on any single branch link the anomalous traffic is small and hard to notice, but aggregated over many links the total anomalous traffic is large and can severely affect the operation of the platform's communication network. In this embodiment, drawing on the characteristic information of distributed network traffic anomalies in the financial platform communication network, a preset time series analysis algorithm is used to obtain the predicted normal behavior traffic value, and the predicted normal behavior traffic value is compared with the current transaction behavior traffic value to produce the transaction traffic innovation sequence of the network traffic.

Specifically: obtain the predicted normal behavior traffic value from the preset transaction behavior parameters and the current transaction behavior traffic value from the transaction behavior statistical parameters; compare the predicted normal behavior traffic value with the current transaction behavior traffic value to obtain the transaction traffic innovation sequence; analyze the innovation sequence and judge from the analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters. Here, a sequential analysis method can be used to analyze the characteristics of the innovation sequences of several links in order to judge whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters, that is, whether anomalous distributed network traffic behavior is occurring, and then the user's transaction traffic is controlled accordingly.
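The detection side of steps S10 and S20 (normal traffic model, innovation sequence, sequential test over several links), as an added worked example that is not code from patent CN112702321B or its assignee. The patent names a "preset time series analysis algorithm" and a "preset multivariate sequential analysis algorithm" without fixing either, so the example assumes simple exponential smoothing as the predictor, observed minus predicted as the innovation, and a one-sided CUSUM over the innovations summed across all links as the sequential test; the patent's separate correlation test is not shown. The per-link request counts are constructed. The example also shows the point the paragraph above makes about aggregation: each link carries only 12% excess, too little to cross the limit alone, but the summed innovation does.

```python
"""Innovation sequence + sequential test over per-link transaction traffic.

Added example for patent CN112702321B; not the patent's own code. Assumed
stand-ins: exponential smoothing (normal traffic model), observed - predicted
(innovation), one-sided CUSUM on the innovation summed over links (sequential
test). Request counts per link per interval are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class NormalTrafficModel:
    """Exponential-smoothing predictor of one link's normal request rate."""
    alpha: float = 0.2           # weight of the newest observation
    level: Optional[float] = None

    def predict(self) -> float:
        return 0.0 if self.level is None else self.level

    def update(self, observed: float) -> None:
        if self.level is None:
            self.level = observed
        else:
            self.level = self.alpha * observed + (1 - self.alpha) * self.level


@dataclass
class StepResult:
    innovations: Dict[str, float]   # per-link observed - predicted
    total_innovation: float         # innovation summed across links
    statistic: float                # CUSUM value after this interval
    alarm: bool


@dataclass
class SequentialDetector:
    """One-sided CUSUM on the innovation summed over all monitored links.

    On any single link the excess is small; summing the innovations across
    links is what lets a distributed, low-rate anomaly cross the limit.
    """
    drift: float          # allowance k: innovation mass tolerated per interval
    threshold: float      # decision limit h
    statistic: float = 0.0
    models: Dict[str, NormalTrafficModel] = field(default_factory=dict)

    def fit_normal(self, history: List[Dict[str, float]]) -> None:
        """Build the normal traffic model from a window believed to be clean."""
        for interval in history:
            for link, value in interval.items():
                self.models.setdefault(link, NormalTrafficModel()).update(value)

    def step(self, observed: Dict[str, float]) -> StepResult:
        innovations = {}
        for link, value in observed.items():
            model = self.models.setdefault(link, NormalTrafficModel())
            innovations[link] = value - model.predict()
        total = sum(innovations.values())
        self.statistic = max(0.0, self.statistic + total - self.drift)
        alarm = self.statistic > self.threshold
        # Learn only from intervals carrying no accumulated evidence of
        # deviation, so attack traffic cannot drag the baseline upward.
        if self.statistic == 0.0:
            for link, value in observed.items():
                self.models[link].update(value)
        return StepResult(innovations, total, self.statistic, alarm)


def run_detector(history, stream, drift=20.0, threshold=80.0) -> List[StepResult]:
    det = SequentialDetector(drift=drift, threshold=threshold)
    det.fit_normal(history)
    return [det.step(obs) for obs in stream]


LINKS = ["link-a", "link-b", "link-c", "link-d"]


def _interval(value: float) -> Dict[str, float]:
    return {link: value for link in LINKS}


# Constructed data: a clean training window, then a live stream of four normal
# intervals followed by four intervals with 12% extra requests on every link.
NORMAL_HISTORY = [_interval(v) for v in (100, 102, 98, 101, 99, 100)]
LIVE_STREAM = [_interval(v) for v in (100, 101, 99, 100, 112, 112, 112, 112)]

if __name__ == "__main__":
    for t, r in enumerate(run_detector(NORMAL_HISTORY, LIVE_STREAM)):
        print(f"t={t} total_innovation={r.total_innovation:6.2f} "
              f"cusum={r.statistic:6.2f} alarm={r.alarm}")
```

With the constructed stream the per-link innovation in the anomalous intervals is only about 12 requests, well under the allowance of 20, yet the summed innovation of roughly 48 per interval makes the CUSUM exceed 80 on the third anomalous interval. Freezing model updates while the statistic is non-zero is the practical caveat: a baseline that keeps learning during the anomaly would raise the predicted normal value and silence the alarm.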

Step S30: when the transaction-behavior statistics do not conform to the preset transaction-behavior parameters, generate a defense request and send it to the defense request server, so that the defense request server determines a rate-limiting node from the defense request and a preset rate-limiting policy.

It should be noted that when the transaction-behavior statistics are judged not to conform to the preset transaction-behavior parameters, a distributed traffic anomaly is taken to be occurring, and a rate-limiting node must be determined so that the user's transaction traffic can be controlled at that node. Specifically, a defense request is generated and sent to the defense request server, so that the server builds a traffic tree from the defense request and a preset attack-source tracing strategy, identifies the target attack subtree in the traffic tree, and determines the rate-limiting node from the target attack subtree according to the preset rate-limiting policy. The defense request server (DSP) selects an attack-source tracing (IP traceback) technique according to the situation; it can reconstruct a traffic tree rooted at the anomalous network traffic and separate the attack subtree from that tree. From the traceback result the most suitable rate-limiting position, the rate-limiting node, is obtained; this node is a leaf of the traffic tree. The traceback result also shows which limiters the attack traffic has passed through, so rate-limiting nodes can be chosen in a targeted way and the limiting effect improved.

Step S40: receive the rate-limiting node fed back by the defense request server, and control the user's transaction traffic according to that node.

It should be understood that the rate-limiting node fed back by the defense request server is received and the leaf-node information corresponding to it is determined; the rate-limit quota of the node is determined from the leaf-node information, and a preset packet-drop probability is determined from the preset rate-limiting policy; the user's transaction traffic is then controlled according to the quota and the drop probability. The leaf-node information is the basic information of each leaf node, which may include the node's IP address, its status (whether it is currently limiting, its limit quota, the limiting time window, whether attack traffic passes through it) and the traffic information collected at the node. Leaf-node information is the main basis for controlling user transaction traffic, and it can also store the limiting results produced by the preset rate-limiting policy.

In this embodiment, on receiving a user's transaction request packet, the user's transaction-behavior statistics are obtained from the packet; whether the statistics conform to the preset transaction-behavior parameters is judged; when they do not, a defense request is generated and sent to the defense request server so that the server determines a rate-limiting node from the request and the preset rate-limiting policy; the rate-limiting node fed back by the server is received, and the user's transaction traffic is controlled according to it. Rate limiting is used to control the user's transaction traffic on the financial platform so that the platform's limited network resources are not exhausted by attack traffic and the traffic is kept within the capacity of the constrained resources. The distributed transaction rate-limiting method described above can effectively resist DDoS attacks and solves the technical problem that existing distributed denial-of-service attacks expose the financial platform's transaction network to great transaction risk.

Referring to FIG. 3, which is a schematic flowchart of a second embodiment of the distributed transaction rate-limiting method of the present invention. Based on the first embodiment above, step S20 of the method in this embodiment specifically includes:

Step S201: obtain the predicted normal-behavior traffic value from the preset transaction-behavior parameters, and obtain the current transaction-behavior traffic value from the transaction-behavior statistics.

It should be noted that before distributed rate limiting is applied to a user's transaction requests, the preset transaction-behavior parameters must be set. One way to set them is: build a normal transaction-traffic model; obtain a predicted normal-behavior traffic value from that model with a preset time-series analysis algorithm; and generate the preset transaction-behavior parameters from the predicted value. The predicted normal-behavior traffic value can then be obtained from the preset transaction-behavior parameters.

It is easy to understand that the packet header and timing information are obtained from the transaction request packet; feature information is extracted from the header and the timing information, and the current transaction-behavior traffic value is generated from that feature information; the user's transaction-behavior statistics are then generated from the current transaction-behavior traffic value. The current transaction-behavior traffic value can thus be obtained from the transaction-behavior statistics.

Step S202: compare the predicted normal-behavior traffic value with the current transaction-behavior traffic value to obtain the transaction-traffic innovation sequence.

It should be understood that comparing the predicted normal-behavior traffic value with the current transaction-behavior traffic value produces a prediction innovation sequence of the network traffic, and this prediction innovation sequence is the transaction-traffic innovation sequence. In this embodiment, using the characteristic information of distributed traffic anomalies in the financial platform's communication network, a preset time-series analysis algorithm is used to obtain the predicted normal-behavior traffic value, which is compared with the current transaction-behavior traffic value to produce the transaction-traffic innovation sequence of the network traffic. A sequential analysis method can be used to analyse the features of the innovation sequences of multiple links in order to decide whether the transaction-behavior statistics conform to the preset transaction-behavior parameters, that is, whether a distributed traffic anomaly is occurring, and the user's transaction traffic is then controlled accordingly.

Step S203: analyse the transaction-traffic innovation sequence and, according to the analysis result, judge whether the transaction-behavior statistics conform to the preset transaction-behavior parameters.

It should be noted that the process of analysing the transaction-traffic innovation sequence and judging from the result whether the transaction-behavior statistics conform to the preset transaction-behavior parameters may be: determine the corresponding statistical features from the innovation sequence; analyse those features with a preset multivariate sequential analysis algorithm to obtain sample statistics; perform correlation analysis on the sample statistics with a preset correlation-test algorithm to obtain a correlation result; and judge from the correlation result whether the statistics conform to the preset parameters. The statistical features of the innovation sequences of multiple links are analysed with the preset sequential analysis method, and a log-likelihood-ratio decision function is constructed to obtain the sample statistics. Because a distributed network anomaly shows similar features on multiple links, the preset correlation test is applied to the jump values of the sample statistics of the links to decide whether a distributed traffic anomaly is occurring, and hence whether the transaction-behavior statistics conform to the preset transaction-behavior parameters.

It is easy to understand that building the anomalous-behavior sequence with the preset multi-sequential analysis algorithm avoids analysing the fine-grained components of the network; instead the spatial anomaly features of the network links are extracted and analysed, which makes traffic detection simpler. Sequential analysis of the innovation sequences of different links at the same node yields a log-likelihood-ratio statistic, which is the sample statistic. The jump value of the maximum likelihood ratio in the sequential probability ratio test is used as the analysis variable that reflects the feature information of the innovation sequence, and the correlation between the jump values of the maximum likelihood ratio on two different links is analysed to determine indirectly whether a distributed anomaly exists in the transaction-behavior statistics.
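As an added example (not code from the patent), the detection of steps S202 and S203 in Python: each link's innovation sequence drives a CUSUM form of the sequential probability ratio test, and the links' running log-likelihood-ratio statistics are then correlated. The step height, the noise patterns, the thresholds, and the use of the running statistic (rather than its jump values) as the similarity measure are assumptions; all sample data are constructed.

```python
"""Distributed-anomaly check over transaction-traffic innovation sequences.

Added example, not the patent's code. Assumptions: innovations are the
difference between observed and predicted traffic values; each link is
monitored with a CUSUM form of the sequential probability ratio test (SPRT)
for a mean shift; links are compared by Pearson correlation of their running
SPRT statistics. All sample data below are constructed.
"""
import math
from typing import Dict, List


def innovations(observed: List[float], predicted: List[float]) -> List[float]:
    """Innovation sequence: observed traffic minus the model's prediction."""
    return [o - p for o, p in zip(observed, predicted)]


def sprt_cusum(innov: List[float], shift: float = 1.0, sigma: float = 1.0) -> List[float]:
    """Running SPRT statistic for H1 'mean = shift' against H0 'mean = 0'.

    Each innovation contributes the Gaussian mean-shift log-likelihood ratio
    shift * (e - shift/2) / sigma**2; the running sum is clipped at zero
    (Page's CUSUM), i.e. the SPRT restarts whenever H0 is favoured.
    """
    stat, out = 0.0, []
    for e in innov:
        llr = shift * (e - shift / 2.0) / (sigma * sigma)
        stat = max(0.0, stat + llr)
        out.append(stat)
    return out


def pearson(x: List[float], y: List[float]) -> float:
    """Pearson correlation; 0.0 when either series is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0.0 or syy == 0.0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def distributed_anomaly(stats: Dict[str, List[float]], link_threshold: float = 4.6,
                        corr_threshold: float = 0.8) -> dict:
    """Decide whether the links show a distributed anomaly.

    A single link alarms only when its SPRT statistic reaches link_threshold
    (log(99), i.e. alpha = beta = 0.01). A distributed anomaly is declared
    when every pair of links has correlated SPRT trajectories, even when no
    single link crossed its own threshold.
    """
    names = sorted(stats)
    per_link = {n: max(stats[n]) >= link_threshold for n in names}
    pair_corr = {}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            pair_corr[(a, b)] = pearson(stats[a], stats[b])
    distributed = bool(pair_corr) and min(pair_corr.values()) >= corr_threshold
    return {"per_link": per_link, "pair_corr": pair_corr, "distributed": distributed}


def constructed_links(step: float, attacked=("A", "B")) -> Dict[str, List[float]]:
    """Constructed 24-sample innovation sequences for two links.

    Both links carry zero-mean noise (two orthogonal patterns, amplitude 0.5)
    around a constant predicted value of 100; links in `attacked` gain a
    common upward step of height `step` from sample 12 onwards, modelling a
    distributed anomaly that is small on each link.
    """
    patterns = {"A": [0.5, -0.5, 0.5, -0.5], "B": [0.5, 0.5, -0.5, -0.5]}
    predicted = [100.0] * 24
    links = {}
    for name, pat in patterns.items():
        bump = step if name in attacked else 0.0
        observed = [100.0 + pat[t % 4] + (bump if t >= 12 else 0.0) for t in range(24)]
        links[name] = innovations(observed, predicted)
    return links


def analyse(step: float, attacked=("A", "B")) -> dict:
    """Run the per-link SPRT and the cross-link correlation test."""
    links = constructed_links(step, attacked)
    return distributed_anomaly({n: sprt_cusum(e) for n, e in links.items()})


if __name__ == "__main__":
    for step, attacked in ((0.0, ("A", "B")), (0.6, ("A",)), (0.6, ("A", "B"))):
        r = analyse(step, attacked)
        corr = {k: round(v, 3) for k, v in r["pair_corr"].items()}
        print(f"step={step} attacked={attacked}: per_link={r['per_link']} "
              f"corr={corr} distributed={r['distributed']}")
```

With the constructed step of 0.6 neither link reaches its own SPRT threshold, yet the two trajectories correlate at about 0.86, which is the distributed case the text describes; with no step, or a step on one link only, the correlation is 0 and no distributed anomaly is declared.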

In this embodiment, the predicted normal-behavior traffic value is obtained from the preset transaction-behavior parameters and the current transaction-behavior traffic value from the transaction-behavior statistics; the predicted value is compared with the current value to obtain the transaction-traffic innovation sequence; the innovation sequence is analysed, and the analysis result determines whether the transaction-behavior statistics conform to the preset transaction-behavior parameters. Rate limiting is used to control the user's transaction traffic on the financial platform so that the platform's limited network resources are not exhausted by attack traffic and the traffic is kept within the capacity of the constrained resources. The distributed transaction rate-limiting method described above can effectively resist DDoS attacks and solves the technical problem that existing distributed denial-of-service attacks expose the financial platform's transaction network to great transaction risk.

Referring to FIG. 4, which is a schematic flowchart of a third embodiment of the distributed transaction rate-limiting method of the present invention. Based on the first embodiment above, step S40 of the method in this embodiment specifically includes:

Step S401: receive the rate-limiting node fed back by the defense request server, and determine the leaf-node information corresponding to the rate-limiting node.

It should be noted that the defense request server (DSP) selects an attack-source tracing (IP traceback) technique according to the situation; it can reconstruct a traffic tree rooted at the anomalous network traffic and separate the attack subtree from that tree. From the traceback result the most suitable rate-limiting position, the rate-limiting node, is obtained; this node is a leaf of the traffic tree. The traceback result also shows which limiters the attack traffic has passed through, so rate-limiting nodes can be chosen in a targeted way and the limiting effect improved.

Specifically, the rate-limiting node fed back by the defense request server is received and the leaf-node information corresponding to it is determined. The leaf-node information is the basic information of each leaf node, which may include the node's IP address, its status (whether it is currently limiting, its limit quota, the limiting time window, whether attack traffic passes through it) and the traffic information collected at the node. Leaf-node information is the main basis for controlling user transaction traffic, and it can also store the limiting results produced by the preset rate-limiting policy.

Step S402: determine the rate-limit quota of the rate-limiting node from the leaf-node information, and determine the preset packet-drop probability from the preset rate-limiting policy.

It should be understood that the rate-limit quota of the rate-limiting node is determined from the leaf-node information. Many specific limiting methods are possible; this embodiment uses random packet dropping, with the preset drop probability determined by the preset rate-limiting policy.

It is easy to understand that the attack-source tracing result shows which limiters the attack traffic has passed through. If only legitimate traffic passes through a limiter, the defense request server (DSP) can allocate resources to that limiter first; after resources have been allocated preferentially to the limiters that carry only legitimate traffic, the remaining resources are shared fairly, according to the max-min criterion, among the limiters that have been contaminated by attack traffic. Contaminated does not mean that only attack traffic passes through them; legitimate traffic may be mixed in, and the preset rate-limiting policy protects that legitimate traffic effectively.

Step S403: control the user's transaction traffic according to the rate-limit quota and the preset packet-drop probability.

It should be noted that, to guard against forged rate-limiting requests, the legitimacy of a rate-limiting request is verified on receipt and only then is the limiting operation performed. Many specific limiting methods are possible; this embodiment uses random packet dropping and controls the user's transaction traffic according to the rate-limit quota and the preset drop probability. The preset drop probability P can be determined by P = (0, 1 − Limit/Rate), that is, 1 − Limit/Rate clipped at zero, where Limit is the rate-limit quota of the rate-limiting node and Rate is the current traffic of that node as fed back by the defense request server. If Limit is greater than or equal to Rate, the drop probability is 0, i.e. no limiting is needed and the user's transaction traffic is governed by the node's own quota. By dropping packets randomly, the rate-limiting node keeps the user's transaction traffic within a bounded range.

It is easy to understand that the preset rate-limiting policy must be updated periodically to adapt to dynamic changes in the environment, otherwise the limiting drifts away from the actual situation. The update process is: recompute the rate-limit quotas with the decision algorithm and issue new rate-limiting commands based on the result; the commands may include adjusting quotas and activating new rate-limiting nodes.
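As an added example (not the patent's code), the rate-limiting node side of steps S402 and S403 in Python: quotas are shared by max-min fairness with clean limiters served first, each rate-limiting command is verified before it is acted on, and packets are dropped with probability P = 1 − Limit/Rate clipped at zero. The HMAC-SHA256 signature, the shared key, the command layout and the traffic figures are assumptions; the patent only says that a command's legitimacy is verified.

```python
"""Rate-limiting node side of the scheme: quota allocation, command
verification and random packet dropping.

Added example, not the patent's code. Assumptions: the DSP signs each
rate-limiting command with HMAC-SHA256 over a canonical JSON body (the patent
only requires that legitimacy be verified before limiting); the limiters'
current traffic values and the shared capacity are constructed.
"""
import hashlib
import hmac
import json
import random
from typing import Dict, List, Tuple

SHARED_KEY = b"constructed-demo-key"  # placeholder; provision per node in practice


def drop_probability(limit: float, rate: float) -> float:
    """P = (0, 1 - Limit/Rate): 1 - Limit/Rate, clipped at zero.

    limit: the node's rate-limit quota; rate: the node's current traffic as
    fed back by the DSP. limit >= rate means no limiting is needed.
    """
    if rate <= 0 or limit >= rate:
        return 0.0
    return 1.0 - limit / rate


def max_min_share(capacity: float, demands: Dict[str, float]) -> Dict[str, float]:
    """Max-min fair split of `capacity` over `demands` (water-filling).

    Limiters are served in increasing order of demand; each gets the smaller
    of its demand and an equal share of what is left, so small flows are
    never starved by large ones.
    """
    shares, remaining = {}, capacity
    pending = sorted(demands.items(), key=lambda kv: kv[1])
    for i, (name, demand) in enumerate(pending):
        fair = remaining / (len(pending) - i)
        shares[name] = min(demand, fair)
        remaining -= shares[name]
    return shares


def allocate_quotas(capacity: float, rates: Dict[str, float],
                    polluted: List[str]) -> Dict[str, float]:
    """Preset rate-limiting decision: limiters carrying only legitimate traffic
    first, then max-min fairness among those the attack traffic was traced through."""
    clean = {n: r for n, r in rates.items() if n not in polluted}
    dirty = {n: r for n, r in rates.items() if n in polluted}
    quotas = max_min_share(capacity, clean)
    quotas.update(max_min_share(capacity - sum(quotas.values()), dirty))
    return quotas


def sign_command(cmd: dict, key: bytes = SHARED_KEY) -> str:
    """Tag over a canonical encoding so that any field change is detected."""
    body = json.dumps(cmd, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_command(cmd: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Reject forged or tampered rate-limiting commands before acting on them."""
    return hmac.compare_digest(sign_command(cmd, key), tag)


def apply_limit(cmd: dict, tag: str, n_packets: int, seed: int = 0) -> Tuple[int, float]:
    """Forward or drop `n_packets` at the node named in `cmd`.

    Returns (forwarded, P). A command that fails verification is ignored,
    which here means nothing is dropped (P = 0).
    """
    if not verify_command(cmd, tag):
        return n_packets, 0.0
    p = drop_probability(cmd["limit"], cmd["rate"])
    rng = random.Random(seed)  # seeded so the example is reproducible
    forwarded = sum(1 for _ in range(n_packets) if rng.random() >= p)
    return forwarded, p


if __name__ == "__main__":
    # Constructed: 1000 units of capacity; R3, R4 and R5 lie on the attack subtree.
    rates = {"R1": 200.0, "R2": 300.0, "R3": 100.0, "R4": 400.0, "R5": 600.0}
    quotas = allocate_quotas(1000.0, rates, polluted=["R3", "R4", "R5"])
    print("quotas:", quotas)  # R1 200, R2 300, R3 100, R4 200, R5 200
    cmd = {"node": "R4", "limit": quotas["R4"], "rate": rates["R4"], "seq": 1}
    tag = sign_command(cmd)
    print("forwarded, P:", apply_limit(cmd, tag, 10000))
    tampered = dict(cmd, limit=0.0)  # same tag, altered quota: must be rejected
    print("tampered command accepted?", verify_command(tampered, tag))
```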

In this embodiment, the rate-limiting node fed back by the defense request server is received and the leaf-node information corresponding to it is determined; the node's rate-limit quota is determined from the leaf-node information and the preset packet-drop probability from the preset rate-limiting policy; the user's transaction traffic is controlled according to the quota and the drop probability. Rate limiting is used to control the user's transaction traffic on the financial platform so that the platform's limited network resources are not exhausted by attack traffic and the traffic is kept within the capacity of the constrained resources. The distributed transaction rate-limiting method described above can effectively resist DDoS attacks and solves the technical problem that existing distributed denial-of-service attacks expose the financial platform's transaction network to great transaction risk.

In addition, an embodiment of the present invention also proposes a storage medium on which a distributed transaction rate-limiting program is stored; when executed by a processor, the program performs the steps of the distributed transaction rate-limiting method described above.

Since the storage medium adopts all the technical solutions of all the embodiments above, it has at least all the beneficial effects those solutions bring, which are not repeated here.

Referring to FIG. 5, which is a structural block diagram of the first embodiment of the distributed transaction rate-limiting device of the present invention.

As shown in FIG. 5, the distributed transaction rate-limiting device in this embodiment of the invention includes:

An acquisition module 10, configured to obtain the user's transaction-behavior statistics from the transaction request packet when a user's transaction request packet is received.

It should be noted that obtaining the user's transaction-behavior statistics from the transaction request packet can be implemented in several ways; two of them are described below as examples, and at least two of the ways can also be combined. Other ways of obtaining the statistics may be adopted as the actual situation requires, and this embodiment does not restrict them. The user's transaction request may be an operation such as the registration, trading, transfer or change of ownership of financial assets on the financial platform; this embodiment does not restrict the specific transaction operation.

Specifically, one way of obtaining the user's transaction-behavior statistics from the transaction request packet is: obtain the packet header and timing information from the transaction request packet; extract feature information from the header and the timing information and generate the current transaction-behavior traffic value from it; generate the user's transaction-behavior statistics from the current transaction-behavior traffic value. Here the transaction request packets of the current system network are captured, feature data are collected on their behavioral characteristics, and the packet header and timing information are obtained; the focus is on the time trend of specific parameters in the packets, whose time series are extracted to form the timing information. Changes in the time-series features of several parameters can also be used together for detection and analysis, so that more kinds of traffic anomaly can be detected over a wider range.

Specifically, another way of obtaining the user's transaction-behavior statistics from the transaction request packet is: capture the transaction request packets of the current system network, collect feature data on their behavioral characteristics, extract network-behavior statistics by analysing the collected feature data, and use those network-behavior statistics as the user's transaction-behavior statistics.

A judgment module 20, configured to judge whether the transaction-behavior statistics conform to the preset transaction-behavior parameters.

It should be understood that before distributed rate limiting is applied to a user's transaction requests, the preset transaction-behavior parameters must be set. This can be done in several ways; one of them is described below as an example, and other ways may be adopted as the actual situation requires, which this embodiment does not restrict. Specifically, one such way is: build a normal transaction-traffic model; obtain a predicted normal-behavior traffic value from that model with a preset time-series analysis algorithm; and generate the preset transaction-behavior parameters from the predicted normal-behavior traffic value.

It is easy to understand that a typical distributed network lets users access financial platform content from a nearby location, which greatly improves transaction efficiency on the platform. However, a distributed attack is spread over many links of the platform's communication network and affects the network simultaneously: the anomaly is distributed over multiple links, so on any single branch link the abnormal traffic is small and hard to notice, while the aggregate abnormal traffic over all links is large and can severely affect the operation of the platform's communication network. In this embodiment, using the characteristic information of distributed traffic anomalies in the financial platform's communication network, a preset time-series analysis algorithm is used to obtain a predicted normal-behavior traffic value, and this predicted value is compared with the current transaction-behavior traffic value to produce a transaction-traffic innovation sequence for the network traffic.

Specifically: the predicted normal-behavior traffic value is obtained from the preset transaction-behavior parameters and the current transaction-behavior traffic value is obtained from the transaction-behavior statistics; the predicted normal-behavior traffic value is compared with the current transaction-behavior traffic value to obtain a transaction-traffic innovation sequence; the innovation sequence is analysed, and the analysis result determines whether the transaction-behavior statistics conform to the preset transaction-behavior parameters. A sequential analysis method can be used to analyse the features of the innovation sequences of multiple links in order to decide whether the statistics conform to the preset parameters, that is, whether a distributed traffic anomaly is occurring, and the user's transaction traffic is then controlled accordingly.

A decision module 30, configured to generate a defense request and send it to the defense request server when the transaction-behavior statistics do not conform to the preset transaction-behavior parameters, so that the defense request server determines a rate-limiting node from the defense request and the preset rate-limiting policy.

It should be noted that when the transaction-behavior statistics are judged not to conform to the preset transaction-behavior parameters, a distributed traffic anomaly is taken to be occurring, and a rate-limiting node must be determined so that the user's transaction traffic can be controlled at that node. Specifically, a defense request is generated and sent to the defense request server, so that the server builds a traffic tree from the defense request and a preset attack-source tracing strategy, identifies the target attack subtree in the traffic tree, and determines the rate-limiting node from the target attack subtree according to the preset rate-limiting policy. The defense request server (DSP) selects an attack-source tracing (IP traceback) technique according to the situation; it can reconstruct a traffic tree rooted at the anomalous network traffic and separate the attack subtree from that tree. From the traceback result the most suitable rate-limiting position, the rate-limiting node, is obtained; this node is a leaf of the traffic tree. The traceback result also shows which limiters the attack traffic has passed through, so rate-limiting nodes can be chosen in a targeted way and the limiting effect improved.

控制模块40,用于接收所述防御请求服务器反馈的限流节点,根据所述限流节点控制用户交易流量。The control module 40 is configured to receive the rate-limiting node fed back by the defense request server, and control user transaction flow according to the rate-limiting node.

应当理解的是,接收所述防御请求服务器反馈的限流节点,并确定所述限流节点对应的叶子节点信息;根据所述叶子节点信息确定限流节点对应的限流额度,并根据所述预设限流决策确定预设丢包概率;根据所述限流额度和所述预设丢包概率控制用户交易流量。其中,叶子节点信息为每个叶子节点的基本信息,基本信息可以包括如节点IP地址、节点状态(是否正在限流、限流额度、限流时限、是否有攻击流经过)以及从该节点采集到的流量信息等,叶子节点信息是控制用户交易流量的重要依据,叶子节点信息也可以保存预设限流决策得出的限流结果。It should be understood that, receiving the current limiting node fed back by the defense request server, and determining the leaf node information corresponding to the current limiting node; determining the current limiting quota corresponding to the current limiting node according to the leaf node information, and determining the current limiting quota corresponding to the current limiting node according to the The preset current limiting decision determines the preset packet loss probability; the user transaction flow is controlled according to the current limit quota and the preset packet loss probability. Among them, the leaf node information is the basic information of each leaf node. The basic information can include such as node IP address, node status (whether current limiting, current limiting quota, current limiting time limit, whether there is attack flow passing through) and information collected from the node. Leaf node information is an important basis for controlling user transaction traffic, and leaf node information can also save the current limiting results obtained from preset current limiting decisions.

In this embodiment the distributed transaction rate-limiting device comprises: an acquisition module 10, configured to obtain the user's transaction behavior statistical parameters from a transaction request packet when that packet is received; a judging module 20, configured to judge whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters; a decision module 30, configured to generate a defense request when they do not conform and to send it to the defense request server, so that the defense request server determines the rate-limiting node from the defense request and the preset rate-limiting decision; and a control module 40, configured to receive the rate-limiting node fed back by the defense request server and to control the user's transaction traffic according to it.

In one embodiment, the judging module 20 is further configured to obtain a predicted normal-behavior flow value from the preset transaction behavior parameters, and to obtain the current transaction-behavior flow value from the transaction behavior statistical parameters;

to compare the predicted normal-behavior flow value with the current transaction-behavior flow value to obtain a transaction-flow innovation sequence (the sequence of prediction residuals, observed minus predicted);

and to analyze the transaction-flow innovation sequence and judge, from the analysis result, whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters.

In one embodiment, the judging module 20 is further configured to determine the corresponding statistical features from the transaction-flow innovation sequence;

to analyze the statistical features with a preset multivariate sequential analysis algorithm to obtain sample statistics;

to perform correlation analysis on the sample statistics with a preset correlation test algorithm to obtain a correlation analysis result;

and to judge from the correlation analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters.

In one embodiment, the acquisition module 10 is further configured to obtain the packet header and the timing information from the transaction request packet;

to extract feature information from the packet header and the timing information, and to generate the current transaction-behavior flow value from that feature information;

and to generate the user's transaction behavior statistical parameters from the current transaction-behavior flow value.

In one embodiment, the acquisition module 10 is further configured to build a normal transaction flow model;

to obtain the predicted normal-behavior flow value from the normal transaction flow model with a preset time-series analysis algorithm;

and to generate the preset transaction behavior parameters from the predicted normal-behavior flow value.
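The acquisition and judging steps above (packet header and timing information to a flow value, a normal flow model that predicts the next value, the innovation sequence, a sequential test and a correlation check) are assembled into one runnable pipeline below. This is an added example, not code from the patent: the page names the steps but not the algorithms, so the packet format, the EWMA baseline, the one-sided CUSUM, the Pearson check and every threshold are this example's own assumptions, and the input is constructed.

```python
"""Added example (not the patent's code): modules 10 and 20 of the device
above, assembled with concrete choices the page leaves open.  The packet
format, the EWMA baseline, the one-sided CUSUM, the Pearson check and every
threshold are this example's own assumptions."""
from collections import defaultdict
import math


def make_packets(distributed=True):
    """Constructed input: (timestamp, src_ip, length) transaction requests.

    Windows 0-29 are a steady baseline from ten clients; windows 30-34 are a
    flood of 200 small requests per window, from 200 distinct sources when
    distributed=True and from a single source otherwise."""
    packets = []
    for w in range(30):
        n = (18, 20, 22, 20)[w % 4]
        packets += [(w + i / n, "10.0.0.%d" % (i % 10), 300) for i in range(n)]
    for w in range(30, 35):
        for i in range(200):
            src = "203.0.113.%d" % i if distributed else "203.0.113.1"
            packets.append((w + i / 200, src, 120))
    return packets


def flow_values(packets, window=1.0):
    """Module 10: header and timing information -> one flow value per window,
    here the vector (request count, total bytes, distinct source IPs).
    Empty windows are emitted as zeros so the series stays regularly spaced."""
    buckets = defaultdict(list)
    for ts, src, length in packets:
        buckets[int(ts // window)].append((src, length))
    series = []
    for w in range(min(buckets), max(buckets) + 1):
        pkts = buckets.get(w, [])
        series.append((len(pkts), sum(n for _, n in pkts), len({s for s, _ in pkts})))
    return series


class NormalFlowModel:
    """The normal transaction flow model: per-feature mean and standard
    deviation fitted on a clean warm-up period, the mean then tracked with an
    EWMA.  The std is floored so a perfectly flat feature (distinct sources
    here) does not turn every deviation into an infinite z-score."""

    def __init__(self, warmup, alpha=0.1, std_floor=1.0):
        n, k = len(warmup), len(warmup[0])
        self.alpha = alpha
        self.mean = [sum(x[i] for x in warmup) / n for i in range(k)]
        self.std = [max(std_floor, math.sqrt(sum((x[i] - m) ** 2 for x in warmup) / n))
                    for i, m in enumerate(self.mean)]

    def predict(self):
        return list(self.mean)

    def update(self, x):
        for i, v in enumerate(x):
            self.mean[i] += self.alpha * (v - self.mean[i])


def pearson(xs, ys):
    """Correlation test over two short innovation sequences (0 if either is flat)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(xs, ys))
    sx = math.sqrt(sum((a - mx) ** 2 for a in xs))
    sy = math.sqrt(sum((b - my) ** 2 for b in ys))
    return cov / (sx * sy) if sx > 0 and sy > 0 else 0.0


def detect(series, warmup=10, k=0.5, h=5.0, corr_window=5, min_corr=0.5):
    """Module 20: index of the first window that fails the normality check, or None.

    innovation   observed - predicted flow value, standardised per feature
    CUSUM        one-sided upward cumulative sum per feature (the sequential
                 analysis step); the check fires on the request-count statistic
    correlation  Pearson between the recent request-count and distinct-source
                 innovations; only a rise in both counts as the distributed
                 anomaly that is escalated to the defense request server, so a
                 single client's retry storm is left to per-client limits."""
    model = NormalFlowModel(series[:warmup])
    cusum = [0.0] * len(series[0])
    innovations = []
    for t in range(warmup, len(series)):
        x, pred = series[t], model.predict()
        z = [(x[i] - pred[i]) / model.std[i] for i in range(len(x))]
        innovations.append(z)
        for i, zi in enumerate(z):
            cusum[i] = max(0.0, cusum[i] + zi - k)
        recent = innovations[-corr_window:]
        if cusum[0] > h and len(recent) >= 3:
            if pearson([r[0] for r in recent], [r[2] for r in recent]) >= min_corr:
                return t
        model.update(x)  # any window that was not flagged feeds the baseline
    return None


if __name__ == "__main__":
    print("distributed flood flagged at window", detect(flow_values(make_packets(True))))
    print("single-source burst flagged at window", detect(flow_values(make_packets(False))))
```

With the constructed input the distributed flood is flagged at window 30, the first attack window, while the single-source burst is never escalated because the distinct-source innovation falls rather than rises with the request count. Note the cost of that choice: the baseline keeps learning from the unflagged single-source windows, so a slow single-source ramp can drift the model upward; in practice the update should also be gated by the ordinary per-client limits.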

In one embodiment, the decision module 30 is further configured to generate a defense request and send it to the defense request server, so that the defense request server builds a traffic tree from the defense request and a preset attack-source tracing strategy, determines a target attack subtree from the traffic tree, and determines the rate-limiting node from the target attack subtree according to the preset rate-limiting decision.

In one embodiment, the control module 40 is further configured to receive the rate-limiting node fed back by the defense request server and to determine the leaf node information corresponding to the rate-limiting node;

to determine the rate-limiting quota of the rate-limiting node from the leaf node information, and to determine the preset packet-drop probability from the preset rate-limiting decision;

and to control the user's transaction traffic according to the rate-limiting quota and the preset packet-drop probability.
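The server-side part of the scheme (defense request to traffic tree, attack subtree, leaf nodes as rate-limiting positions) and the control module's use of quota plus drop probability, as described for modules 30 and 40 above, are worked through below. This is an added example, not the patent's code: it assumes the attack-source tracing has already been reduced to per-limiter path records (limiter id, upstream limiter, request rate toward the victim), and the subtree share threshold, the equal-split quota rule and the drop-probability rule are this example's own choices. The traceback records are constructed.

```python
"""Added example (not the patent's code): what the defense request server and
the control module do with a defense request, following the description above.
It assumes the attack-source tracing has already been reduced to per-limiter
path records (limiter, upstream limiter, request rate toward the victim); the
subtree threshold, the quota rule and the drop-probability rule are this
example's own choices."""
from collections import defaultdict
import random

# Constructed traceback result.  "E" is the victim-facing edge limiter, so it
# is the root of the traffic tree; rates are requests/s heading to the victim.
TRACEBACK = [
    ("E", None, 1240),
    ("C1", "E", 1180), ("C2", "E", 60),
    ("A1", "C1", 590), ("A2", "C1", 570), ("A3", "C1", 20),
    ("A4", "C2", 35), ("A5", "C2", 25),
]


def build_traffic_tree(records):
    """Reconstruct the traffic tree rooted at the point of the observed anomaly."""
    children, rate, root = defaultdict(list), {}, None
    for node, parent, rps in records:
        rate[node] = rps
        if parent is None:
            root = node
        else:
            children[parent].append(node)
    return root, children, rate


def attack_subtree(root, children, rate, share=0.25):
    """Separate the attack subtree: every node that still carries at least
    `share` of the root's anomalous rate.  Its leaves are the limiter
    positions closest to the sources, i.e. the rate-limiting nodes."""
    threshold = share * rate[root]
    members, leaves = set(), []

    def walk(node):
        if rate[node] < threshold:
            return False
        members.add(node)
        # list comprehension, not any(): every child must be visited
        if not [c for c in children[node] if walk(c)]:
            leaves.append(node)
        return True

    walk(root)
    return members, sorted(leaves)


def limiting_decision(leaves, rate, normal_rps):
    """Preset rate-limiting decision (example rule): each leaf gets an equal
    share of the rate the victim handles normally as its quota, and a drop
    probability that brings its measured rate down to that quota on average."""
    quota = normal_rps / len(leaves)
    return {leaf: {"quota": quota,
                   "drop_probability": max(0.0, 1.0 - quota / rate[leaf])}
            for leaf in leaves}


class LeafLimiter:
    """Control module at one leaf: random early drop with the preset
    probability spreads the loss over every source behind the leaf, and the
    hard per-window quota guarantees the bound whatever the drop lottery does."""

    def __init__(self, quota, drop_probability, rng=None):
        self.quota, self.p = quota, drop_probability
        self.rng = rng or random.Random(0)

    def admit(self, requests):
        """Return the requests forwarded out of one window's worth of input."""
        forwarded = []
        for req in requests:
            if self.rng.random() < self.p or len(forwarded) >= self.quota:
                continue
            forwarded.append(req)
        return forwarded


def decide(records, normal_rps):
    """DSP side: defense request -> traffic tree -> attack subtree -> decision."""
    root, children, rate = build_traffic_tree(records)
    _, leaves = attack_subtree(root, children, rate)
    return limiting_decision(leaves, rate, normal_rps)


if __name__ == "__main__":
    decision = decide(TRACEBACK, normal_rps=200)
    for leaf, d in decision.items():
        limiter = LeafLimiter(d["quota"], d["drop_probability"], random.Random(1))
        got = limiter.admit(list(range(590)))  # one window at the leaf's measured rate
        print(leaf, d, "forwarded", len(got))
```

On the constructed tree the attack subtree is {E, C1, A1, A2}; C2 and A3 are left alone because they carry only legitimate-looking volume, and the rate-limiting nodes are the leaves A1 and A2 rather than the edge limiter E, which would also throttle the innocent C2 branch. Each leaf's quota is 100 requests/s and its drop probability is 1 - 100/590 and 1 - 100/570 respectively; the hard quota in `LeafLimiter.admit` is what makes the bound a guarantee rather than an expectation.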

For other embodiments or specific implementations of the distributed transaction rate-limiting device of the present invention, reference may be made to the embodiments of the distributed transaction rate-limiting method above; they are not repeated here.

It should be understood that the above is only illustrative and in no way limits the technical solution of the present invention; in specific applications, those skilled in the art may configure it as needed, and the present invention places no restriction on this.

It should be noted that the workflow described above is only schematic and does not limit the protection scope of the present invention; in practical applications, those skilled in the art may select some or all of it as actually needed to achieve the purpose of the solution of this embodiment, without restriction here.

In addition, for technical details not described exhaustively in this embodiment, refer to the distributed transaction rate-limiting method provided by any embodiment of the present invention; they are not repeated here.

Furthermore, in this document the terms "comprise", "include" or any variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or system that comprises that element.

The numbering of the embodiments of the present invention above is for description only and does not indicate the relative merit of the embodiments.

From the description of the embodiments above, those skilled in the art will clearly understand that the methods of the embodiments may be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware, though in many cases the former is the better implementation. On that understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, may be embodied as a software product stored on a storage medium (such as read-only memory (ROM)/RAM, a magnetic disk or an optical disc) and containing instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the methods described in the embodiments of the present invention.

The above are only preferred embodiments of the present invention and do not limit its patent scope; any equivalent structural or process transformation made using the description and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (8)

1. A distributed transaction rate limiting method, characterized in that it comprises the following steps:
when a transaction request packet of a user is received, acquiring a packet header and timing information from the transaction request packet, acquiring feature information of the packet header and the timing information, generating a current transaction-behavior flow value from the feature information, and generating transaction behavior statistical parameters of the user from the current transaction-behavior flow value;
judging whether the transaction behavior statistical parameters conform to preset transaction behavior parameters;
when the transaction behavior statistical parameters do not conform to the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server, so that the defense request server builds a traffic tree from the defense request and a preset attack-source tracing strategy, determines a target attack subtree from the traffic tree, and determines a rate-limiting node from the target attack subtree according to a preset rate-limiting decision;
and receiving the rate-limiting node fed back by the defense request server, and controlling the transaction traffic of the user according to the rate-limiting node.
2. The distributed transaction rate limiting method of claim 1, wherein the step of judging whether the transaction behavior statistical parameters conform to preset transaction behavior parameters comprises:
acquiring a predicted normal-behavior flow value from the preset transaction behavior parameters, and acquiring a current transaction-behavior flow value from the transaction behavior statistical parameters;
comparing the predicted normal-behavior flow value with the current transaction-behavior flow value to obtain a transaction-flow innovation sequence;
and analyzing the transaction-flow innovation sequence, and judging from the analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters.
3. The distributed transaction rate limiting method of claim 2, wherein the step of analyzing the transaction-flow innovation sequence and judging from the analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters comprises:
determining corresponding statistical features from the transaction-flow innovation sequence;
analyzing the statistical features with a preset multivariate sequential analysis algorithm to obtain sample statistics;
performing correlation analysis on the sample statistics with a preset correlation test algorithm to obtain a correlation analysis result;
and judging from the correlation analysis result whether the transaction behavior statistical parameters conform to the preset transaction behavior parameters.
4. The distributed transaction rate limiting method of claim 1, wherein before the step of judging whether the transaction behavior statistical parameters conform to preset transaction behavior parameters, the method further comprises:
building a normal transaction flow model;
acquiring a predicted normal-behavior flow value from the normal transaction flow model with a preset time-series analysis algorithm;
and generating the preset transaction behavior parameters from the predicted normal-behavior flow value.
5. The distributed transaction rate limiting method of any one of claims 1 to 4, wherein the step of receiving the rate-limiting node fed back by the defense request server and controlling the transaction traffic of the user according to the rate-limiting node comprises:
receiving the rate-limiting node fed back by the defense request server, and determining leaf node information corresponding to the rate-limiting node;
determining a rate-limiting quota of the rate-limiting node from the leaf node information, and determining a preset packet-drop probability from the preset rate-limiting decision;
and controlling the transaction traffic of the user according to the rate-limiting quota and the preset packet-drop probability.
6. A distributed transaction rate limiting device, characterized in that it comprises:
an acquisition module, configured to acquire transaction behavior statistical parameters of a user from a transaction request packet when the transaction request packet of the user is received;
a judging module, configured to judge whether the transaction behavior statistical parameters conform to preset transaction behavior parameters;
a decision module, configured to generate a defense request and send the defense request to a defense request server when the transaction behavior statistical parameters do not conform to the preset transaction behavior parameters, so that the defense request server determines a rate-limiting node from the defense request and a preset rate-limiting decision;
a control module, configured to receive the rate-limiting node fed back by the defense request server and to control the transaction traffic of the user according to the rate-limiting node;
wherein the acquisition module is further configured to acquire a packet header and timing information from the transaction request packet, acquire feature information of the packet header and the timing information, generate a current transaction-behavior flow value from the feature information, and generate the transaction behavior statistical parameters of the user from the current transaction-behavior flow value;
and the decision module is further configured to generate a defense request and send the defense request to the defense request server, so that the defense request server builds a traffic tree from the defense request and a preset attack-source tracing strategy, determines a target attack subtree from the traffic tree, and determines the rate-limiting node from the target attack subtree according to the preset rate-limiting decision.
7. A distributed transaction rate limiting device, characterized in that it comprises: a memory, a processor, and a distributed transaction rate limiting program stored on the memory and executable on the processor, the program being configured to implement the steps of the distributed transaction rate limiting method of any one of claims 1 to 5.
8. A storage medium having stored thereon a distributed transaction rate limiting program which, when executed by a processor, performs the steps of the distributed transaction rate limiting method of any one of claims 1 to 5.
CN202011482247.3A 2020-12-15 2020-12-15 Distributed transaction current limiting method, device, equipment and storage medium Active CN112702321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011482247.3A CN112702321B (en) 2020-12-15 2020-12-15 Distributed transaction current limiting method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112702321A CN112702321A (en) 2021-04-23
CN112702321B true CN112702321B (en) 2023-04-07

Family

ID=75508287

Country Status (1)

Country Link
CN (1) CN112702321B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338811B (en) * 2021-12-30 2024-01-30 中国农业银行股份有限公司 Transaction flow limiting method, device, server, storage medium and product
CN115134301B (en) * 2022-06-29 2024-04-05 中国工商银行股份有限公司 Flow control method, flow control device, computer equipment and storage medium

Citations (1)

Publication number Priority date Publication date Assignee Title
CN109831453A (en) * 2019-03-07 2019-05-31 北京华安普特网络科技有限公司 A kind of ddos attack defence method

Family Cites Families (7)

Publication number Priority date Publication date Assignee Title
US9231965B1 (en) * 2014-07-23 2016-01-05 Cisco Technology, Inc. Traffic segregation in DDoS attack architecture
CN107645478B (en) * 2016-07-22 2020-12-22 阿里巴巴集团控股有限公司 Network attack defense system, method and device
CN110138756B (en) * 2019-04-30 2021-05-25 网宿科技股份有限公司 Current limiting method and system
CN110149321A (en) * 2019-05-06 2019-08-20 长沙市智为信息技术有限公司 A kind of detection and defence method and device applied to DDOS attack in SDN network
CN110380985B (en) * 2019-08-02 2023-05-09 中国工商银行股份有限公司 Traffic control method, device, equipment and storage medium based on transaction link
CN110430141B (en) * 2019-08-08 2022-08-09 北京字节跳动网络技术有限公司 Current limiting method and device
CN111181932B (en) * 2019-12-18 2022-09-27 广东省新一代通信与网络创新研究院 DDOS attack detection and defense method, device, terminal equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 518000 Room 516, building 501, Tairan 6th Road, chegongmiao, Futian District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen Kuaifu Tong Payment Co.,Ltd.

Country or region after: China

Address before: Room 516, Building 501, Tairan 6th Road, Chegongmiao, Futian District, Shenzhen, Guangdong Province

Patentee before: SHENZHEN KFTPAY FINANCE NETWORK TECHNOLOGY SERVICE CO.,LTD.

Country or region before: China
